Why You Need a Physical Vault to Secure a Virtual Currency

I am transfixed by the plummeting signal strength on my phone as employees of cryptocurrency exchange Coinbase close the flap of the stuffy silver tent I’m standing inside. The fabric walls enclose a cubic space about 8 feet across and contain mesh that functions as a Faraday cage, which blocks electromagnetic radiation. By the time the tent is sealed, my connection to the outside world has drained away to nothing. Now the ceremony can begin.

I’m about to witness an arcane ritual intended to bewitch Wall Street and help it fall in love with cryptocurrency.

You may have heard that bitcoin and other cryptocurrencies set money free. The technology can transfer sums as small as a quarter-cent or as large as a quarter of a billion dollars without the need for a bank, in transactions as irrevocable as handing over cash. Proponents pitch it as an internet-era upgrade from a financial system run on dead trees, 1970s IT infrastructure, and bricks of buttery yellow metal.

But cryptocurrencies come with physical constraints of their own.

One is an unsightly environmental footprint. The computers known as “miners” that thrash through tricky math to verify bitcoin transactions consume as much energy as a small country. Another stems from a great irony: The safest way to store virtual currency is offline, in computers unconnected to the internet. To get its depositors’ bitcoin offline and then back on, Coinbase has devised an elaborate ceremony that generates encryption keys and prints them out on paper, which are then hidden in a reimagining of the bank vault.

Coinbase is the largest cryptocurrency exchange in the US. It has more than 20 million accounts and looks after billions of dollars worth of bitcoin, Ethereum, and other cryptocurrencies for its customers. Now it wants to lure billions more from conventional financial institutions, such as hedge and investment funds.

Coinbase generates the encryption keys that control clients' cryptocurrency inside a tent, which blocks electromagnetic signals to prevent snooping.

Phuc Pham

The company’s pop-up Faraday tent and what happens inside is crucial to that offering. Institutional investors are subject to regulations that require them to place customers’ assets with a “qualified custodian.” The Securities and Exchange Commission indicated earlier this year that it is thinking about how to apply this rule to cryptocurrency. Coinbase founder Brian Armstrong wants his firm to be ready. “There’s a bunch of institutional money interested in the cryptocurrency space,” he says. “But they need a qualified institution to act as a custodian.”

Coinbase’s shielded ceremony is at the heart of that service. Ownership and control of a digital pile of bitcoin or other cryptocurrency comes down to possession of cryptographic keys, one of which might look something like this: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa. Every now and then, the company pitches its shiny tent inside a randomly chosen secure location in San Francisco to generate and print out thousands of keys. “It takes most of a day, and we’re in there until it’s done,” says Philip Martin, Coinbase’s head of security. Custody clients transfer their assets to one of the new keys when opening an account.

Martin’s is not the only team hoping to attract Wall Street’s crypto-assets. Some institutions already send their bitcoins to Murray, Kentucky, where a small financial company called Kingdom Trust was early to offer cryptocurrency custody services. Japanese investment bank Nomura started offering its own in May. Bloomberg reported this month that Goldman Sachs is exploring doing the same. A spokesperson for the bank says the company hasn’t decided on its cryptocurrency-related offerings.

Martin and his team came up with their key-generation and storage scheme because, while cryptocurrency transactions use cryptography to prevent the same money from being spent twice, funds are still easily defrauded or stolen. The rise of bitcoin, since its creation in 2008, can be tracked by the parade of heists in which exchanges have been hacked. Computer security company Carbon Black estimates that more than $1 billion of cryptocurrency was stolen in just the first half of 2018.

In conventional finance, transactions such as bank wires can be undone for a period after they take place. Cryptocurrency security has to be more sophisticated because there is no undo function, according to Nicholas Weaver, a security researcher at the University of California at Berkeley. “Because cryptocurrency is incompatible with modern financial fraud mitigation, you just can’t keep it on an internet connected computer,” he says.

Philip Martin, Coinbase's head of security, seals the flap of the tent with metal mesh in its fabric.

Phuc Pham

This power supply in the tent is designed to hide power fluctuations that could leak clues about what's happening.

Phuc Pham

Coinbase’s mechanism for taking internet money off the internet begins with Martin’s security team pitching its tent and running a shielded power supply inside. This smooths out power fluctuations that can leak clues as to what’s happening. Then the team sets up a folding table with a printer on it, and gets to work.

Fittingly, the ceremony starts with the flip of a coin issued by the US Mint. It and everything that follows are captured on video to allow for auditing later. The coin toss determines which of two new laptops with their hard drives and Wi-Fi cards removed will be used to generate the keys.

Coinbase staff boot up a Linux-based operating system on the hobbled laptop from a USB drive. They use custom software to generate new encryption keys that will control customers’ funds, and split those keys into multiple encrypted pieces encoded into a series of QR codes.

Then the complicated but logical process seems to take an unnecessary diversion: The QR codes are transferred onto an Apple laptop. Why? “It’s just way easier printing from a Mac,” says Zak Blacher, a member of Coinbase’s security team who performs the ceremony.

For the laptop used to generate the keys, this is the end of the journey—the device is destroyed to prevent leaks. The paper with QR codes is put into binders and stored in a secure facility somewhere in San Francisco—where, in theory, hackers can’t reach it. Backups are scattered around the world on USB and hard drives in case, as Martin puts it, “a small asteroid hits San Francisco.”

About the irony of storing billions of dollars of internet money on stacks of paper, Martin says it’s just good security engineering—an evolution of the bank vault, not a throwback. “Cryptocurrencies have a threat model that’s fundamentally different from what’s come before,” he says. “We’re taking the lessons from the past about physical security and blending them with well structured cryptography.”

Clients can request access any time of day or night, but typically regain their funds within one or two days, making it unsuited to slinging bitcoin back and forth minute by minute. (Coinbase has a separate trading service for institutional investors.) The process begins with a client logging into Coinbase’s website with a USB security key to request a transfer. The details are reviewed by a team who then require video calls with the approvers listed on an account, because Coinbase is wary of humans or software mimicking its customers’ voices. “We want to see a live person and interact with them,” Martin adds.

After that, a quorum of employees known as sages—a name inspired by videogame The Legend of Zelda—verify the request. If it all looks above board, they use encryption keys of their own to inform a team of “librarians” with access to the stored paper that they need to scan the multiple QR codes needed to put the key controlling the client’s funds back together. At last, the money can move.

Alex Lindgren, a lawyer who works with cryptocurrency companies and investors, expects custody services like Coinbase’s to usher additional billions of dollars into cryptocurrencies over the next few years. They will help institutional investors feel more comfortable with cryptocurrency markets, he says.

He also acknowledges that the current technology seems clunky. Lindgren is hopeful elaborate third-party storage services become less important over time, as new mechanisms emerge to trade cryptocurrencies. Just because using and storing bitcoin can be bizarrely complicated today, doesn’t mean it will always be that way. “Carts and horses were a lot more efficient than cars for a while after [cars] came out,” he notes, “but over time it became clear which was more useful.”